Edit the NAT policy

The NAT policy defines how network address translation (NAT) is applied to traffic.

The NAT policy does not contain any rules by default.

Steps

  1. Browse to NGFW > Policy > NAT.
  2. Add a rule in one of the following ways:
    • Click Add First Rule.
    • Click a rule, select > New, then select Rule Before or Rule After.
  3. Configure the settings, then click Save.
  4. Publish the changes.

Example

Fields marked with an asterisk in the user interface are mandatory.

Table 1. NAT Policy
Option | Definition
NAT Service | A set of matching criteria that matches traffic based on the protocol and port.
NAT Source | A set of matching criteria that defines the source IP addresses and interfaces that the rule matches.
  • NAT Source — When selected, enables options in the cell.
  • Type part of the name of an element or browse through the drop-down list to select an element.
  • Click Set to ANY to match any element.
  • NAT Proxy ARP — When selected, allows the engine to answer address queries regarding the translated addresses.
NAT Source Translation | Defines the options for NAT source translation.
  • NAT Source — When selected, enables the options in the cell.
  • NAT Type
    • Static — Source addresses in matching connections are translated using the same number of IP addresses as there are possible original source addresses. Each translated IP address corresponds to one original IP address.
    • Dynamic — Source addresses in matching connections are translated using a smaller pool of IP addresses than there are original source addresses included in the rule. Many hosts can use the same IP address, and the connections are distinguished by allocating a different TCP or UDP port for each connection.
  • NAT IP Address
    • Any — This option is not yet supported.
    • IP Address — The original IP address is translated to the specified IP address.
    • Element — The original IP address is translated to the IP address of the selected Network element.
  • Port Range — When selected, specifies the port range for dynamic IP address translation.
    • Min — The start of the port range for IP address translation.
    • Max — The end of the port range for IP address translation.
NAT Destination | A set of matching criteria that defines the destination IP addresses and interfaces that the rule matches and defines the options for NAT destination translation.
  • NAT Destination — When selected, enables the options in the cell.
  • Type part of the name of an element or browse through the drop-down list to select an element.
  • Click Set to ANY to match any element.
  • NAT IP Address
    • Any — This option is not yet supported.
    • IP Address — The original IP address is translated to the specified IP address.
    • Element — The original IP address is translated to the IP address of the selected Network element.
  • Port Range — When selected, specifies the port range for dynamic IP address translation.
    • Min — The start of the port range for IP address translation.
    • Max — The end of the port range for IP address translation.
  • NAT Proxy ARP — When selected, allows the engine to answer address queries regarding the translated addresses.
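
The Static and Dynamic NAT types and the Port Range Min and Max fields from Table 1, modelled in Python as an added example (not code from the product or its documentation). The addresses, port range and the names `static_nat`, `DynamicNat` and `demo` are constructed for illustration, and the model assumes one port pool shared by TCP and UDP.

```python
import ipaddress

def static_nat(src, original_net, translated_net):
    """Static: each original address maps to exactly one translated address."""
    orig = ipaddress.ip_network(original_net)
    trans = ipaddress.ip_network(translated_net)
    if orig.num_addresses != trans.num_addresses:
        raise ValueError("static NAT needs equally sized address ranges")
    addr = ipaddress.ip_address(src)
    if addr not in orig:
        return None  # the rule does not match this source
    offset = int(addr) - int(orig.network_address)
    return str(trans.network_address + offset)

class DynamicNat:
    """Dynamic: many sources share a small pool; ports tell connections apart."""

    def __init__(self, pool, port_min, port_max):
        if not 1 <= port_min <= port_max <= 65535:
            raise ValueError("invalid port range")
        # Assumption: one free list for all protocols (simplified model).
        self.free = [(ip, p) for ip in pool for p in range(port_min, port_max + 1)]
        self.free.reverse()  # pop() then hands out the lowest port first
        self.table = {}      # (proto, src_ip, src_port) -> (nat_ip, nat_port)

    def translate(self, proto, src_ip, src_port):
        key = (proto, src_ip, src_port)
        if key in self.table:
            return self.table[key]  # existing connection keeps its binding
        if not self.free:
            return None  # pool exhausted: capacity is len(pool) * ports in range
        self.table[key] = self.free.pop()
        return self.table[key]

    def release(self, proto, src_ip, src_port):
        binding = self.table.pop((proto, src_ip, src_port), None)
        if binding:
            self.free.append(binding)

def demo():
    # Constructed sample: one translated address, Min=1024, Max=1026, four hosts.
    nat = DynamicNat(["203.0.113.10"], 1024, 1026)
    flows = [("tcp", f"10.0.0.{i}", 40000) for i in range(1, 5)]
    return [nat.translate(*flow) for flow in flows]
```

The fourth connection in `demo()` gets no translation because a single address with a three-port range can carry only three concurrent connections, which is the sizing question to answer before narrowing the Port Range.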